IT departments still struggle with secure resource access
IT departments are still struggling to ensure secure, appropriate access to data resources, even as the deadline for the General Data Protection Regulation (GDPR) looms.
That was the feedback from a recent Dublin event run by ManageEngine.
According to one of the presenters, Vivin Sathyan, lead executive, business development, AD Solutions, ManageEngine, despite the level of GDPR readiness being quite high, the feedback from the 70-odd attendees was that it is still not as easy as desired to implement secure, appropriate access to resources for end users.
The event was focused on GDPR in a security context, with specific regard to user access and control. As a central principle of the GDPR is to ensure that only those who have specific needs have access to sensitive data, this has been a focus for many IT departments.
Sathyan said the gauge from the room was that around 70% of attendees reckoned they were GDPR ready and were looking at the final details to ensure all was well for the deadline.
“We made sure to structure the materials to give them a final touch on what to do, and what not, for the regulations, while generally hardening the IT security landscape of their organisations,” said Sathyan.
With regard to the points of interest from the floor, he reported a query from law enforcement in terms of balancing security with accessibility and usability. While tightening security for end users, Sathyan said there was also the need to ensure that ensure that systems were still usable.
He said there was also a lot of interest in giving end users a degree of self-service, for common tasks, such as password resets and account unlocking. There was also interest in the ability to give users access to several applications with one integrated console, and to be able to synchronise a strong password policy across business platforms within an organisation. However, Sathyan said reports were that structuring users and groups with appropriate permissions often required scripting in the Active Directory (AD) environment, which remains a limited skill set. As such, offerings that provided a graphic user interface (GUI) to accomplish such tasks is desired.
“They wanted to structure the groups and the users so that there was access only to the right resources, and if there were any instances of inappropriate access they wanted to be able to perform a [permissions] clean-up immediately,” said Sathyan.
Not everyone has the skills to do this in a robust and efficient manner, he said.
Sathyan said that he had not got the impression that organisations were thinking of GDPR compliance and data protection standards as a differentiator or a means of competitive advantage, rather with the process of GDPR compliance being two years old, organisations now see it as just another regulation. While this may follow later, he opined, it was not the impression currently. He said that organisations were not so focused on the minutia, but more on the broad strokes.
Attendees were reminded that ManageEngine has made a free GDPR kit available for any organisation that wants a resource to gauge their compliance as the deadline approaches.